In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
The recent fix for array out-of-bounds accesses replaced sprintf()
calls blindly with snprintf(). However, since snprintf() returns the
would-be-printed size, not the actually output size, the length
calculation can still go over the given limit.
Use scnprintf() instead of snprintf(), which returns the actually
output letters, for addressing the potential out-of-bounds access
properly.
Metrics
Affected Vendors & Products
References
History
Fri, 08 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 31 Oct 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel Redhat Redhat enterprise Linux |
|
Weaknesses | CWE-125 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel Redhat Redhat enterprise Linux |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 30 Oct 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Tue, 29 Oct 2024 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually output letters, for addressing the potential out-of-bounds access properly. | |
Title | parport: Proper fix for array out-of-bounds access | |
References |
|
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-10-29T00:50:16.263Z
Updated: 2024-11-08T15:58:14.088Z
Reserved: 2024-10-21T19:36:19.940Z
Link: CVE-2024-50074
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-10-29T01:15:04.540
Modified: 2024-11-08T16:15:45.653
Link: CVE-2024-50074
Redhat